“The material we found was sufficient for us to recreate the private key and impersonate
the server,” wrote Strömberg, warning that users of OpenVPN should assume others have created
exploits for “nefarious purposes”.

Mulvad’s confirmation means that organisations using an OpenVPN server or servers that rely on
OpenSSL should take immediate steps to remove the vulnerability.

According to the community wiki, OpenVPN is affected if it is linked against OpenSSL versions
1.0.1 to 1.0.1f and anyone running those versions of OpenSSL should:

Email Alerts

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Google is the latest of the tech giants hiring Wall Street hotshots. The CIO lesson? Partner with your CFO if you want to get ahead. Also in Searchlight: Facebook turns Messenger into an ecosystem; Twitter faces a gender bias lawsuit.